CVE-2022-25173

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.

Published: Feb 15, 2022
Updated: Oct 26, 2023
CVE: CVE-2022-25173
GHSA: GHSA-4m7p-55jm-3vwv
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
jenkins / pipeline-_groovy	-	2648.va9433432b33c.x
org.jenkins-ci.plugins.workflow / workflow-cps	-	2648.2651.v230593e03e9f

http://www.openwall.com/lists/oss-security/2022/02/15/2
https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2463

Vulnerability Database

CVE-2022-25173

Deep Security Visibility Without the Complexity